Uploaded image for project: 'Sling'
  1. Sling
  2. SLING-8845

URL query parameter values are double-escaped for cases where namespace mangling has to be performed

Details

    Description

      URL query parameter values are double-escaped for cases where namespace mangling has to be performed:

      xssAPI.getValidHref("/path/to/page?key=%25text"); // -> /path/to/page?key=%25text (which is correct)
      
      xssAPI.getValidHref("/path/to/page/jcr:content/par?key=%25text"); // -> /path/to/page/_jcr_content/par?key=%2525text (which is wrong)
      

      Attachments

        Activity

          radu Radu Cotescu added a comment -

          Fixed in commit 9927ab0.

          radu Radu Cotescu added a comment - Fixed in  commit 9927ab0 .

          People

            radu Radu Cotescu
            radu Radu Cotescu
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: